Lucene search
+L

68 matches found

osv
osv
added 2022/10/19 4:15 p.m.20 views

CVE-2022-43421

A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...

5.3CVSS5.3AI score
Exploits0References2
prion
prion
added 2022/10/19 4:15 p.m.15 views

Design/Logic Flaw

A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...

5CVSS5.2AI score0.00665EPSS
Exploits0References2Affected Software1
cve
cve
added 2022/10/19 12:0 a.m.85 views

CVE-2022-43421

CVE-2022-43421 : In Jenkins, the Tuleap Git Branch Source Plugin (versions 3.2.4 and earlier) contains a missing permission check in the mechanism that triggers Tuleap projects. This allows unauthenticated attackers to trigger projects whose configured repository matches an attacker-specified val...

5.3CVSS5.2AI score0.00665EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2022/10/19 12:0 a.m.33 views

CVE-2022-43421

A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...

5.5AI score0.00665EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2022/10/19 12:0 a.m.9 views

PT-2022-6109 · Jenkins · Jenkins Tuleap Git Branch Source Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Tuleap Git Branch Source Plugin versions 3.2.4 and earlier Description: The issue is related to a missing permission check in the Jenkins Tuleap Git Branch Source Plugin, allowing unauthenticated attackers to trigger Tuleap projects...

5.3CVSS5.2AI score0.00665EPSS
Exploits0References7
osv
osv
added 2022/05/14 3:13 a.m.87 views

GHSA-9CFQ-V2HM-C3XR Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. Additionally, this form validation method did not require POST...

4.3CVSS4.4AI score0.00642EPSS
Exploits0References4
github
github
added 2022/05/14 3:13 a.m.28 views

Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. Additionally, this form validation method did not require POST...

4.3CVSS3AI score0.00642EPSS
Exploits0References4Affected Software1
cnvd
cnvd
added 2022/01/16 12:0 a.m.36 views

Jenkins Bitbucket Branch Source Plugin Cross-Site Request Forgery Vulnerability

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins Bitbucket Branch Source Plugin suffers from a cross-site request forgery vulnerability that stems from a WE...

7.1CVSS7AI score0.00655EPSS
Exploits0References1
github
github
added 2022/01/13 12:1 a.m.25 views

Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin

Jenkins Bitbucket Branch Source Plugin prior to 746.v350d2781c184, 725.vd9f8be0fa250, 2.9.11.2, and 2.9.7.2 does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used...

4.3CVSS4.8AI score0.00852EPSS
Exploits0References6Affected Software1
osv
osv
added 2022/01/13 12:1 a.m.24 views

GHSA-W4JV-6RG4-PR4M Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin

Jenkins Bitbucket Branch Source Plugin prior to 746.v350d2781c184, 725.vd9f8be0fa250, 2.9.11.2, and 2.9.7.2 does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This allows attackers with Overall/Read access to connect to an...

7.1CVSS7AI score0.00655EPSS
Exploits0References6
attackerkb
attackerkb
added 2022/01/12 8:15 p.m.5 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS7AI score0.00655EPSS
Exploits0References3
nvd
nvd
added 2022/01/12 8:15 p.m.29 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS0.00655EPSS
Exploits0References2
osv
osv
added 2022/01/12 8:15 p.m.24 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS6.9AI score
Exploits0References2
nvd
nvd
added 2022/01/12 8:15 p.m.25 views

CVE-2022-20618

A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS0.00852EPSS
Exploits0References2
cve
cve
added 2022/01/12 7:5 p.m.140 views

CVE-2022-20619

CVE-2022-20619 applies to Jenkins Bitbucket Branch Source Plugin prior to 737.vdf9dc06105be. It describes a cross-site request forgery (CSRF) vulnerability that lets an attacker cause Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing c...

7.1CVSS6.8AI score0.00655EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2022/01/12 7:5 p.m.41 views

CVE-2022-20619

A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.6AI score0.00655EPSS
Exploits0References2
cve
cve
added 2022/01/12 7:5 p.m.114 views

CVE-2022-20618

The CVE-2022-20618 entry affects Jenkins Bitbucket Branch Source Plugin (versions prior to 737.vdf9dc06105be). The root cause is a missing permission check on multiple HTTP endpoints, which allows attackers with Overall/Read access to enumerate credentials IDs stored in Jenkins. This credential d...

4.3CVSS4.3AI score0.00852EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2022/01/12 7:5 p.m.31 views

CVE-2022-20618

A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...

5.8AI score0.00852EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2022/01/12 12:0 a.m.2 views

PT-2022-14827 · Jenkins · Jenkins Bitbucket Branch Source Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Branch Source Plugin versions prior to 746.v350d2781c184 Jenkins Bitbucket Branch Source Plugin versions prior to 725.vd9f8be0fa250 Jenkins Bitbucket Branch Source Plugin versions prior to 2.9.11.2 Jenkins Bitbucket Branch...

7.1CVSS6.8AI score0.00655EPSS
Exploits0References10
cnnvd
cnnvd
added 2022/01/12 12:0 a.m.9 views

Jenkins Plugin 跨站请求伪造漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins Bitbucket Branch Source Plugin suffers from a cross-site request forgery vulnerability that stems from a WE...

7.1CVSS5.6AI score0.00655EPSS
Exploits0References6
Rows per page
Query Builder